One way that security authorization may be transferred from one device to another is via a chain of digital signatures or attestations. Unfortunately, what such chains possess in terms of transparency and security, they typically lack in anonymity; a device may be associated with a public key corresponding to a signature transferring that device a security right or right to an asset, making it readily trackable in a given environment or platform. This is exacerbated when that public key is linked to particular devices or persons, for instance, by a record maintained at a device manufacturer.